WannaSpam - WannaCry-themed scam used to collect ransoms

by Linas Kiguolis - -

WannaSpam: fake message actively using the name of a well-known virus

WannaCry attack scam

Security experts have just noticed untypical spam campaign which was named as WannaSpam. The message which is used in this campaign is reporting about the attack of an infamous WannaCry ransomware.[1] Unfortunately, hundreds of PC users have already received the email message which is reporting about the threat's infection and is asking to pay the ransom.

However, these WannaCry-related claims are fake. This is just a typical scam that looks legitimate enough to trick people into paying the demanded ransom. However, you should delete this email without a delay and finish dealing with it.

The main actor in this campaign is the phishing[2] email that spreads around and scares people with news about a serious virus on the system. Many people on different forums have already reported that these emails are extremely difficult to remove.

It is clear that the fake message is seeking to threaten people into believing that they are dealing with an infamous WannaCry which can encrypt their files and databases. The fame message reads:

Hello! WannaCry returned!
All your devices were cracked with our program installed on them. We have made improvements for operation of our program, so you will not be able to regain the data after the attack. All the information will be encrypted and then erased. Antivirus software will not be able to detect our program, while firewalls will be impotent against our one-of-a-kind code. 

Hackers[3] are also stating that the victim needs to pay 0.1 BTC, otherwise, his or hers files will be deleted. Recipients are given only one day for the payment. However, suspicion can rise right after looking at the email's subject because it is full of typo and grammar mistakes. For example:

  • “!!!Attantion WannaCry!!!”,
  • !!!WannaCry-Team Attantion!!!”,
  • “Attantion WannaCry”,
  • “WannaCry Attantion!”,
  •  “WannaCry-Team Attantion!!!”.

Additionally, the fake message claims:

Deletion of your data will take place on June 22, 2018, at 5:00 – 10:00 PM.
All data stored on your computers, servers, and mobile devices will be destroyed.
Devices working on any version of Windows, iOS, macOS, Android, and Linux are subject to data erasion.
In order to ensure against data demolition, you can pay 0.1 BTC (~$650) to the bitcoin wallet:[link]
You must pay in due time and notify us about the payment via email until 5:00 PM on June 22, 2018.

These emails are just fake messages used to extort money. While they are stating that all of your devices are hacked or infected with a virus and your files can be deleted if you do not pay, the only real threat here is contacting these cyber criminals and paying the demanded ransom. Any communication with them can lead you to more significant infections or money/data loss. At the moment, there is no news regarding WannaCry ransomware, and not even close to events that happened at the beginning of this year.[4]

Ways used by a real WannaCry virus to infiltrate the system

WannaCry ransomware attack was implemented using Windows vulnerability that was named as MS17-010. The virus was s spreading around using spam emails with malicious links.[5] Some of those links were related to bogus sites that provided commercial content or instructions on how to install fake tools for virus removal or other optimization utilities.

However, after getting into the system and encrypting victim's files, ransomware also scanned the network looking for vulnerabilities in Windows system. Those who did not apply the MS17-010 patch were infected, including hospitals and other governmental authorities. 

Scams are becoming more and more popular to lure people into giving the money

Tech-support[6] scammers and spammers have been luring people using these attacks for some time now. The best thing you can do is strengthening your security-related knowledge, in a first place. Make sure you read about the latest security events just to make sure that you are protected against virus attacks and other dangers (like this WannaSpam attack)

Upgrading your system with the latest version of security software, installing required patches, keeping every important program updated is also important to protect your computer against ransomware attacks and scams that are used just to trick you into believing that you have become a victim of such virus. Don't forget firewall settings and general security requirements. Creating backups should also become a routine for every PC user.

About the author

Linas Kiguolis
Linas Kiguolis - Expert in social media

Linas Kiguolis is one of News Editors and also the Social Media Manager of 2spyware project. He is an Applied Computer Science professional whose expertise in cyber security is a valuable addition to the team.

Contact Linas Kiguolis
About the company Esolutions

References